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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the 
application. Applicant has submitted a new complete claim set showing any marked up claims 
with insertions indicated by underlining and deletions indicated by strikeouts and/or double 
bracketing. 

1 . (currently amended) A method of processing a Session Initiation Protocol (SIP) message, 
the method comprising: 

<a) receiving a SIP request at a SIP node, the SIP request including a message header 

including data indicative of network routing locations: 
editing the data at the SIP node : 

(b) generating a signature based upon at least a portion of the message header 

including the edited data: 

<€) generating a SIP node header entry; and 

{d} inserting the signature into the SIP node header entry. 

2. (original) The method of claim 1 , wherein the SIP node header entry is an echoed 
header. 

3. (canceled) 

4. (original) The method of claim 1 , wherein the SIP node header entry is a VIA header. 
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5. (currently amended) The method of claim 4, further comprising: 

^-receiving a SIP response at the SIP node in reply to the SIP request, the SIP response 
comprising the VIA header for the SIP node, the VIA header including a first received signature; 
and 

^-verifying the first received signature. 

6. (original) The method of claim 5, wherein verifying includes generating a verification 
signature based upon at least one VIA header of the SIP response and comparing the 
verification signature with the first received signature. 

7. (currently amended) The method of cla i m 5, further compr i s i ng A method of processing 
a Session Initiation Protocol (SIP) message, the method comprising : 

receiving a SIP request at a SIP node, the SIP request including a message header: 
generating a signature based upon at least a portion of the message header: 
generating a SIP node header entry, wherein the SIP node header entry is a VIA header: 
inserting the signature into the SIP node header entry: 

receiving a SIP response at the SIP node in reply to the SIP request, the SIP response 
comprising the VIA header for the SIP node, the VIA header including a first received signature: 
verifying the first received signature: 

^-determining a next link to a next SIP node to receive the SIP request; and 
(^determining if the next link to the next SIP node is an untrusted link, wherein 

generating the first signature includes only generating the first signature if the next link is an 

untrusted link. 
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8. (original) The method of claim 1 , wherein generating the signature includes generating a 
first signature based upon at least one VIA header of the message header. 

9. (original) The method of claim 8, wherein generating the first signature is based upon at 
least one VIA header of the message header and at least one of a peer FQDN, a connection 
identifier of the connection over which the message will be sent on a next hop, at least a 
portion of a FROM header of the message header, at least a portion of a TO header of the 
message header, at least a portion of a CALL-ID header of the message header, and at least a 
portion of aCSeq header of the message header. 

1 0. (original) The method of claim 8, wherein the message header includes a plurality of VIA 
headers and generating the first signature includes generating the first signature based upon 
the plurality of VIA headers except the VIA header of the SIP node. 

1 1 . (original) The method of claim 1 , wherein generating the signature includes generating a 
second signature based upon at least a portion of a RECORD-ROUTE header and at least a 
portion of a CONTACT header of the message header. 

12. (original) The method of claim 1 1 , wherein inserting the signature includes inserting the 
second signature as a URI parameter into a RECORD-ROUTE header of the SIP node. 

1 3. (original) The method of claim 1 1 , wherein generating the second signature includes 
generating a second signature based on a URI portion of each RECORD-ROUTE header in the 
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message header except for a RECORD-ROUTE header of the SIP node, and a URI portion of the 
CONTACT header in the message header. 

1 4. (currently amended) The method of claim 1 , further comprising: 

(j) receiving a SIP response in reply to the SIP request, the SIP response including a 

response header; 

4k) generating a fourth signature based upon a RECORD-ROUTE header and a 

CONTACT header of the response header; and 

4B inserting the fourth signature into a RECORD-ROUTE header of the SIP node of 

the response. 

15. (currently amended) The method of c l a i m 1 4. further compr i s i ng A method of 
processing a Session Initiation Protocol (SIP) message, the method comprising: 

receiving a SIP request at a SIP node, the SIP request including a message header: 
generating a signature based upon at least a portion of the message header; 
generating a SIP node header entry; 
inserting the signature into the SIP node header entry; 

receiving a SIP response in reply to the SIP request, the SIP response including a 
response header; 

generating another signature based upon a RECORD-ROUTE header and a CONTACT 
header of the response header; 

inserting the other signature into a RECORD-ROUTE header of the SIP node of the 
response; and 

before generating the fewtfr- other signature, removing an existing signature from the 
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SIP node header entry. 

1 6. (original) The method of claim 1 4, wherein inserting the fourth signature includes 
inserting the fourth signature as a URI parameter into the RECORD-ROUTE header of the SIP 
node. 

1 7. (original) The method of claim 1 4, wherein generating the fourth signature includes 
generating the fourth signature based upon the URI portions of each RECORD-ROUTE header of 
the response except for the RECORD-ROUTE header of the SIP node, and a URI portion of the 
CONTACT header. 

1 8. (currently amended) The method of claim 1 4, further comprising: 

(Redetermining a next link to a next SIP node to receive the SIP request; and 
{e)-determining if the next link to the next SIP node is an untrusted link, wherein 

generating the second signature includes only generating the second signature if the next link 

is an untrusted link. 

1 9. (original) The method of claim 1 8, wherein the SIP node is within a pool of servers and 
the method further comprises inserting an encrypted session key into the RECORD-ROUTE 
header of the SIP node. 

20. (currently amended) The method of claim 1 , further comprising: 

(p) determining a RECORD-ROUTE header of the SIP request; and wherein generating 

the signature includes generating a third signature based upon at least a portion of the 
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RECORD-ROUTE header of the SIP request. 

21 . (original) The method of claim 20, wherein inserting the third signature includes 
inserting the third signature into a RECORD-ROUTE header of the SIP node. 

22. (original) The method of claim 21 , wherein inserting the third signature includes 
inserting the third signature as a header parameter of the RECORD-ROUTE header of the SIP 
node. 

23. (currently amended) The method of claim 21 , further comprising: 

(s)-receiving a SIP response at the SIP node in reply to the SIP request, the SIP response 
comprising the RECORD-ROUTE header for the SIP node which includes a third received 
signature; and 

(t)-verifying the third received signature. 

24. (currently amended) The method of claim 20, further comprising: 
^-determining a next link to a next SIP node to receive the SIP request; and 
(f)-determining if the next link to the next SIP node is an untrusted link, wherein 

generating the third signature includes only generating the third signature if the next link is an 
untrusted link. 

25. (canceled) 

26. (currently amended) A computer storage medium having computer executable 
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instructions for performing steps for processing messages in a pool of servers having a first 
server and a second server which are constructed and arranged to be interchangeably used to 
process messages in the same dialog, the steps comprising: 

{a) identifying, at the first server, a public key and a private key; 

{b} receiving, at the first server, a first message including a first header; 

{e) generating a session key; 

{d} encrypting the session key with the private key; 

{e} generating, with the public key, a key signature based on the encrypted session 

key; 

(f) inserting the key signature into the first header. 

27. (currently amended) The computer storage r e adab le medium of claim 26, further 
comprising: 

{§) identifying, at the second server, the public key and the private key; 

(b) receiving, at the second server, a second message including a second header, 

the second header comprising the key signature; 

(t) decrypting the key signature to determine the session key. 

28. (currently amended) The computer storage readab l e medium of claim 27, further 
comprising: 

{j) verifying at least a portion of the second message with the session key. 

29. (currently amended) The computer storage readab l e medium of claim 26, wherein the 
first message is a Session Initiation Protocol (SIP) message. 

Application Number:l 0/81 5,232 
Attorney Docket Number:307568.01 
Application Filing Date:3/3 1 /2004 

8/19 



PATENT 



30. (currently amended) The computer storage readab l e medium of claim 26, wherein the 
first server is a proxy server. 

31 . (currently amended) The computer storage readab l e medium of claim 26, further 
comprising identifying a time stamp containing data representing a date and time of creation 
for the session key and appending the time stamp to the session key, wherein encrypting the 
session key includes encrypting the session key and the time stamp. 

32. (currently amended) A computer readable medium having stored thereon a data 
structure representing a Session Initiation Protocol (SIP) request, the data structure comprising: 

<a) a plurality of SIP headers comprising an echoed header including an address of a 

SIP node in a route for the SIP request; and 

data representing a digital signature generated by signing a portion of the SIP headers 
with a session key, wherein the echoed header is selected from the one of a group consisting of 
a VIA header, a FROM header, a TO header, a RECORD-ROUTE header, a CALL-ID header, and a 
CSeq header , wherein the data representing the digital signature is appended to one of the SIP 
headers . 

33. (currently amended) The computer readable medium of claim 32, wherein the plurality 
of SIP headers comprises a plurality of VIA headers and the digital signature is generated based 
on all VIA headers in the SIP headers except a topmost VIA header for the top li sted V I A header . 

34. (currently amended) The computer readable med i um of c l a i m 33 A computer readable 
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medium having stored thereon a data structure representing a Session Initiation Protocol (SIP) 
request, the data structure comprising: 

a plurality of SIP headers comprising an echoed header including an address of a SIP 
node in a route for the SIP request , wherein the plurality of SIP headers comprises a plurality of 
VIA headers and the digital signature is generated based on all VIA headers in the SIP headers 
except a topmost VIA header for the top li sted of the VIA headers; 

data representing a digital signature generated by signing a portion of the SIP headers 
with a session key, wherein the echoed header is one of a group consisting of a VIA header, a 
FROM header, a TO header, a RECORD-ROUTE header, a CALL-ID header, and a CSeq header. 

35. (original) The computer readable medium of claim 34, wherein the digital signature is 
generated based upon a URI portion of the RECORD-ROUTE header and a URI portion of the 
CONTACT header. 

36. (original) The computer readable medium of claim 32, wherein the digital signature 
comprises a first signature generated based upon at least a portion of a RECORD-ROUTE header 
and a second digital signature generated based upon at least a portion of the RECORD-ROUTE 
header and at least a portion of a CONTACT header of the SIP request. 

37. (currently amended) A method of verifying a Session Initiation Protocol (SIP) message, 
the method comprising: 

<a) receiving a SIP response at a SIP node from another SIP node , the SIP response 

including a message header; 

(b) identifying an echoed header in the message header; 
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(€) extracting a received signature from the echoed header; 

{d) generating a verification signature based upon at least a portion of the message 



{e} comparing the verification signature with the received signature : and 

routing the SIP message to a next SIP node when the verification signature matches the 
received signature. 

38. (original) The method of claim 37, wherein the echoed header is selected from the group 
consisting of a VIA header, a FROM header, a TO header, a RECORD-ROUTE header, a CALL-ID 
header, and a CSeq header. 

39. (original) The method of claim 38, wherein generating a verification signature includes 
generating the verification signature based upon at least a portion of at least one of a VIA 
header, a CONTACT header, a RECORD-ROUTE header, a ROUTE header, a CALL-ID header, and 
a CSeq header. 

40. (new) A method performed by a SIP node routing a SIP message between a first SIP node 
and a second SIP node, the method comprising: 

receiving the SIP message from the first SIP node, the SIP message including a first SIP 
routing header added to the SIP message by the first SIP node, the first SIP routing header 
identifying the first SIP node; 

generating a digital signature of the first SIP routing header; 

adding the digital signature to the SIP message; and 

forwarding the SIP message to the second SIP node. 



header; 
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41 . (new) A method according to claim 41 , further comprising adding, by the SIP node, a 
second SIP routing header comprising information identifying the SIP node, wherein the adding 
the digital signature comprises appending the digital signature to the second SIP routing 
header. 
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